Automation

How I Use Apple Shortcuts to Investigate 10x Faster in Alerting

✍️Enzo
πŸ“…11/30/2025
⏱️7 min
πŸ‘οΈ...
#productivity#macOS#automation#SRE#monitoring#shortcuts#alerting#investigation#DevOps#oncall

You're on-call, it's 2 AM, Opsgenie is screaming, and you have a trace UUID in front of you. You know you need to search for it in Datadog... but you have to:

  1. Copy the UUID
  2. Open Chrome
  3. Go to Datadog
  4. Find the right page
  5. Paste the UUID
  6. Launch the search

6 steps and already 45 seconds wasted while the service is burning. 😀

Plot twist: What if I told you that with a simple keyboard shortcut, you go from 6 steps to... just 1? Select your UUID, type ⌘βŒ₯\, and BAM! Datadog opens directly on the right trace.

Today, I'll show you how I created an intelligent navigation system with Apple's Shortcuts app that automatically detects the type of information (UUID, Kubernetes pod, job ID, etc.) and sends you directly to the right place. Welcome to the future of investigation! πŸ”

The Problem: Multi-Tool Investigation Hell

The Reality of an SRE in Alerting

An Opsgenie alert wakes you up. In the message, you have:

  • A trace UUID β†’ to search in Datadog APM
  • A K8s pod name β†’ to inspect in kubectl
  • A CI job ID β†’ to check in GitHub Actions
  • A build ID β†’ to debug in Jenkins
  • A Request ID β†’ to trace in Grafana

The current workflow (without automation):

# Classic scenario at 3 AM
1. Read the Opsgenie alert β†’ Identify the key info
2. Manually copy the UUID/ID/name
3. Remember which tool to use (Datadog? K8s? GitHub?)
4. Open the right site
5. Navigate to the right section
6. Paste and search
7. Repeat for each piece of info...
---
Total time: 2-3 minutes PER info
Stress level: πŸ“ˆ MAX
Error risk: High (wrong tool, typo, etc.)

The painful stats:

  • ~15 clicks on average to reach the right page
  • 2.5 minutes lost per manual search
  • 7-8 searches on average per incident
  • H 20 minutes lost per incident just in navigation! 😱

Why Classic Tools Aren't Enough

You'll tell me: "But I have Alfred/Raycast!". Yes, but:

❌ Alfred/Raycast: Great for launching apps, but...
   - You have to type the command + the argument
   - No automatic type detection
   - Complex configuration for multi-tool usage

❌ Chrome Bookmarks: Convenient, but...
   - Still have to navigate manually
   - No dynamic parameter handling
   - Slow when you have 50+ bookmarks

❌ Clipboard managers: Useful, but...
   - No contextual intelligence
   - You still have to do manual routing

Apple's Shortcuts app is the missing Swiss Army knife! 🎯

The Solution: An Intelligent Shortcut with Regex Detection

System Architecture

Here's how my magic shortcut works:

Architecture of the intelligent detection system with automatic routing to tools

Demo in action:

Demonstration of the shortcut in action: selecting a @profile and automatic opening in YouTube
From selected text to YouTube opened in 2 seconds Β‘

The detailed flow:

  1. You select any text (UUID, ID, name, etc.)
  2. You type ⌘βŒ₯\ (custom keyboard shortcut)
  3. The shortcut analyzes with regex to identify the type
  4. It automatically opens the right URL with the right parameter
  5. Profit! You arrive directly where you need to be πŸŽ‰

Creating the Basic Shortcut

Open the Shortcuts app on macOS and create a new shortcut:

Apple Shortcuts app interface showing the Smart Investigation shortcut configuration
Shortcut configuration in the Shortcuts app: conditional actions and regex detection

πŸ’Ύ Direct Download: Want to save time? Download my "Detective Mode" shortcut ready to use! You can then customize it according to your needs.

πŸ“± Shortcut: "Smart Investigation"
πŸ”‘ Keyboard shortcut: ⌘βŒ₯\ (Command + Option + \)
---
Actions:
1. Receive [Selection] as input from [Anywhere]
2. Set [Selected text] to [Shortcut Input]
3. If [Selected text] matches regex...
   (This is where the magic happens!)

Intelligent Detection Patterns

Here's a summary table of detection patterns. Each regex is optimized to avoid false positives:

TypeRegex PatternExampleAutomatic Action
πŸ” Datadog UUID^[0-9a-f]{8}-[0-9a-f]{4}-4...f47ac10b-58cc-4372-a567-...Opens Datadog APM trace
🐳 Kubernetes Pod^[a-z0-9]...-[a-z0-9]{8,10}-[a-z0-9]{5}$auth-service-7d9f8c6b5-x7k2mTerminal + kubectl logs -f
πŸ”§ GitHub Actions^[0-9]{10,11}$12345678901Opens GitHub Actions Run
πŸ—οΈ Jenkins Build^[0-9]{1,6}$42567Opens Jenkins Job + Build
πŸ“Š Grafana Hash^[0-9a-f]{16}$a1b2c3d4e5f6g7h8Opens Grafana Explore
🚨 Opsgenie Alert^[0-9a-f]{8}-[0-9a-f]{4}-...550e8400-e29b-41d4-...Opens Alert Detail
πŸ‹ Docker Container^[0-9a-f]{12}$ or ^[0-9a-f]{64}$a1b2c3d4e5f6Terminal + docker logs -f
🎫 Jira Ticket^[A-Z]{2,10}-[0-9]{1,6}$DEVOPS-1234Opens Jira Issue
🌐 IP Address^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$192.168.1.1Menu: Ping/Traceroute/Whois

πŸ’‘ Note: The complete patterns are configurable in the shortcut. You can add your own detections based on your tools!

Implementation: The Complete Shortcut

Configuration in Apple Shortcuts

Here's the complete shortcut flow (I'm giving you the pseudo-code as the visual interface is difficult to represent here):

πŸ”§ SHORTCUT: "Smart Investigation"
─────────────────────────────────────
1. Receive [Text] from [Selection]
2. Set variable [Input] = [Text]
3. Clean [Input] (trim spaces, lowercase if needed)
─────────────────────────────────────
4. IF [Input] matches UUID_REGEX
   β†’ Open URL: https://app.datadoghq.com/apm/trace/[Input]
─────────────────────────────────────
5. ELSE IF [Input] matches K8S_POD_REGEX
   β†’ Execute Shell script:
     osascript -e 'tell application "Terminal"
         do script "kubectl logs -f [Input] --tail=100"
         activate
     end tell'
─────────────────────────────────────
6. ELSE IF [Input] matches GH_JOB_REGEX
   β†’ Open URL: https://github.com/my-org/my-repo/actions/runs/[Input]
─────────────────────────────────────
7. ELSE IF [Input] matches JENKINS_REGEX
   β†’ Ask for job name (global variable or menu)
   β†’ Open URL: https://jenkins.company.com/job/[JOB_NAME]/[Input]
─────────────────────────────────────
8. ELSE IF [Input] matches OPSGENIE_REGEX
   β†’ Open URL: https://company.app.opsgenie.com/alert/detail/[Input]
─────────────────────────────────────
9. ELSE IF [Input] matches GRAFANA_REGEX
   β†’ Open URL: https://grafana.company.com/explore?query=[Input]
─────────────────────────────────────
10. ELSE IF [Input] matches DOCKER_REGEX
    β†’ Execute Terminal:
      docker logs -f [Input] --tail=200
─────────────────────────────────────
11. ELSE IF [Input] matches IP_REGEX
    β†’ Menu: [Ping] [Traceroute] [Whois]
    β†’ Based on choice, execute appropriate command
─────────────────────────────────────
12. ELSE IF [Input] matches JIRA_REGEX
    β†’ Open URL: https://company.atlassian.net/browse/[Input]
─────────────────────────────────────
13. ELSE
    β†’ Google Search: "site:company.com [Input]"
    β†’ OR Slack search: slack://search?query=[Input]

Concrete Example: Datadog UUID Detection

Here's how to configure UUID detection for Datadog APM:

Step 1: Create the "If" action

If [Shortcut Input] matches regular expression
Pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$
Options: βœ“ Case sensitive

Step 2: Build the URL

Text:
https://app.datadoghq.com/apm/trace/[Shortcut Input]

Step 3: Open in browser

Open URL [Text]

Real-world test:

# You have this message in Opsgenie:
"Error processing request f47ac10b-58cc-4372-a567-0e02b2c3d479"

# You select the UUID, you type ⌘βŒ₯\
# β†’ Chrome instantly opens on the Datadog trace!

Time saved: 45 seconds β†’ 2 seconds πŸš€

Advanced Example: Kubernetes Pods Management

To quickly investigate a problematic pod:

Action: Execute Shell Script

#!/bin/bash
POD_NAME="$1"

# Open a new terminal with logs
osascript <<EOF
tell application "Terminal"
    do script "kubectl logs -f $POD_NAME --tail=200 | grep -E 'ERROR|WARN|FATAL'"
    activate
end tell
EOF

Bonus: Contextual menu for K8s

Menu: Choose from
   - "Logs (-f tail 200)"
   - "Describe pod"
   - "Get pod events"
   - "Exec into pod"

Based on choice:
  - Logs: kubectl logs -f [POD] --tail=200
  - Describe: kubectl describe pod [POD]
  - Events: kubectl get events --field-selector involvedObject.name=[POD]
  - Exec: kubectl exec -it [POD] -- /bin/bash

Advanced Use Cases

Contextual Menu for Kubernetes

Beyond simple kubectl logs, offer an action menu:

Menu: Choose from
   - "Logs (-f tail 200)"
   - "Describe pod"
   - "Get pod events"
   - "Exec into pod"

Intelligent Detection for Jenkins

For Jenkins build numbers, ask which job:

JOB_DICTIONARY = {
    "deploy-prod": "deployment/prod-pipeline",
    "tests-integration": "tests/integration-suite"
}

Menu: Choose the job β†’ Build the appropriate URL

Quick IP Investigation

For a detected IP, offer several actions:

#!/bin/bash
# Menu: Ping | Traceroute | Whois | Check Blacklist
# Based on choice, execute the command or open the appropriate site

The Concrete Gain

Before/after comparison on a typical incident:

StepBefore (manual)After (shortcut)
UUID β†’ Datadog35 seconds2 seconds Β‘
Pod β†’ K8s Logs28 seconds3 seconds Β‘
Ticket β†’ Jira18 seconds2 seconds Β‘
TOTAL93 seconds7 seconds
GAIN-92% faster! πŸš€

In one month: ~33 minutes saved, zero routing errors, and above all... much less stress on-call! 😌

3 Pro Tips to Go Further

1. Investigation History for Post-Mortems

Add an automatic log of each search:

#!/bin/bash
# Add to the shortcut to trace your path
echo "$(date '+%Y-%m-%d %H:%M:%S'): $TYPE_DETECTED - $INPUT" >> ~/investigation_history.log

Why is this useful? During the incident, you navigate quickly. With the history, you can reconstruct your reasoning for the post-mortem without racking your brain!

2. Team mode: Share with the whole team

# In Shortcuts:
File β†’ Export β†’ SmartInvestigation.shortcut

# Share via Slack, the whole team benefits! πŸŽ‰

Bonus: Configure global variables (URLs, GitHub repos) so everyone can adjust to their environment:

URLS = {
    "datadog": "https://app.datadoghq.com",
    "grafana": "https://grafana.company.com",
    "jenkins": "https://jenkins.company.com"
}

3. Intelligent Fallback if Nothing Matches

If no pattern matches, offer options:

Contextual menu:
- "Search in Datadog"
- "Search in Slack"
- "Search in Google"
- "Copy and continue manually"

This way, the shortcut remains useful even for edge cases! 🎯

Conclusion: Productivity is Automating the Annoying Stuff

In the end, this Apple shortcut is like having a personal assistant who knows all your tools by heart and instantly opens the right page in the right place. No more need to think, navigate, copy-paste... Just select and GO!

The concrete benefits:

  • -92% time spent navigating during investigations
  • 0 routing errors (no more "oops I searched in the wrong tool")
  • 10x smoother investigation flow
  • Stress divided by 2 on-call
  • Jealous colleagues asking for your config 😎

The best part? Once configured, you don't even think about it anymore. It becomes a reflex: select, ⌘βŒ₯\, investigate. Simple. Fast. Effective.

So, ready to transform your on-call shifts into moments of zen productivity? Your "3 AM self" will thank you! πŸŒ™

πŸ”₯ Bonus challenge: Time your next investigation before setting up the shortcut. Then measure again after. Send me your results, I bet you'll divide by 5 at minimum!

PS: My shortcut is called "Detective Mode" πŸ•΅οΈ and I configured Siri so I can say "Hey Siri, detective mode" when my hands are busy. Welcome to the future!

Stay in Touch

Thank you for following me on this adventure! πŸš€

πŸ“ Note: The original idea for this intelligent investigation system doesn't come from me. I simply adapted this concept for macOS using Apple's Shortcuts app, making this approach accessible to all Mac users without needing third-party tools.

This article was written with ❀️ for the DevOps community.

Sources and references

[1] Apple Shortcuts User Guide
[2] Datadog APM Documentation
[3] Kubernetes kubectl Documentation
Sources accessed on 26/11/2025